===========================================================
Ubuntu Security Notice USN-332-1            August 03, 2006
gnupg vulnerability
CVE-2006-3746
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
  gnupg 1.2.5-3ubuntu5.5

Ubuntu 5.10:
  gnupg 1.4.1-1ubuntu1.4

Ubuntu 6.06 LTS:
  gnupg 1.4.2.2-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick a user into processing a malicious encrypted/signed document with gnupg.

Updated packages for Ubuntu 5.04, Ubuntu 5.10 and Ubuntu 6.06 LTS (source archives and per-architecture binary packages) are available under http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/